Mercurial: tests/test-https.t annotate

annotate tests/test-https.t @ 29439:c42a3fd5c1fc

hgweb: reindent atom/changelogentry.tmpl It was mixing tabs and spaces, and not in a good way. Indent style of other atom entries seems to be 1 space per level, so let's apply it here as well.

author	Anton Shestakov <av6@dwimlabs.net>
date	Wed, 29 Jun 2016 22:48:32 +0800
parents	e1778b9c8d53
children	072e4a595607

rev	line source
22046 7a9cbb315d84 tests: replace exit 80 with #require Matt Mackall <mpm@selenic.com> parents: 18682 diff changeset	1 #require serve ssl
2612 ffb895f16925 add support for streaming clone. Vadim Gelfer <vadim.gelfer@gmail.com> parents: diff changeset	2
22046 7a9cbb315d84 tests: replace exit 80 with #require Matt Mackall <mpm@selenic.com> parents: 18682 diff changeset	3 Proper https client requires the built-in ssl from Python 2.6.
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	4
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	5 Make server certificates:
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	6
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	7 $ CERTSDIR="$TESTDIR/sslcerts"
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	8 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub.pem" >> server.pem
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	9 $ PRIV=`pwd`/server.pem
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	10 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-not-yet.pem" > server-not-yet.pem
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	11 $ cat "$CERTSDIR/priv.pem" "$CERTSDIR/pub-expired.pem" > server-expired.pem
25413 4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	12
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	13 $ hg init test
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	14 $ cd test
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	15 $ echo foo>foo
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	16 $ mkdir foo.d foo.d/bAr.hg.d foo.d/baR.d.hg
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	17 $ echo foo>foo.d/foo
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	18 $ echo bar>foo.d/bAr.hg.d/BaR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	19 $ echo bar>foo.d/baR.d.hg/bAR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	20 $ hg commit -A -m 1
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	21 adding foo
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	22 adding foo.d/bAr.hg.d/BaR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	23 adding foo.d/baR.d.hg/bAR
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	24 adding foo.d/foo
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	25 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	26 $ cat ../hg0.pid >> $DAEMON_PIDS
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	27
13544 66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	28 cacert not found
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	29
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	30 $ hg in --config web.cacerts=no-such.pem https://localhost:$HGPORT/
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	31 abort: could not find web.cacerts: no-such.pem
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	32 [255]
66d65bccbf06 cacert: improve error report when web.cacert file does not exist timeless <timeless@gmail.com> parents: 13439 diff changeset	33
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	34 Test server address cannot be reused
4289 e17598881509 test-http: use printenv.py Alexis S. L. Carvalho <alexis@cecm.usp.br> parents: 4130 diff changeset	35
17023 3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	36 #if windows
3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	37 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
18682 408f2202bd80 tests: remove glob from output lines containing no glob character Simon Heimberg <simohe@besonet.ch> parents: 18588 diff changeset	38 abort: cannot start server at ':$HGPORT':
17023 3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	39 [255]
3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	40 #else
12740 b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	41 $ hg serve -p $HGPORT --certificate=$PRIV 2>&1
b86c6954ec4c serve: fix https mode and add test Mads Kiilerich <mads@kiilerich.com> parents: 12643 diff changeset	42 abort: cannot start server at ':$HGPORT': Address already in use
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	43 [255]
17023 3e2d8120528b test-http and test-https: partially adapt for Windows Adrian Buehlmann <adrian@cadifra.com> parents: 17018 diff changeset	44 #endif
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	45 $ cd ..
2612 ffb895f16925 add support for streaming clone. Vadim Gelfer <vadim.gelfer@gmail.com> parents: diff changeset	46
29288 7dee15dee53c sslutil: add devel.disableloaddefaultcerts to disable CA loading Gregory Szorc <gregory.szorc@gmail.com> parents: 29268 diff changeset	47 Our test cert is not signed by a trusted CA. It should fail to verify if
7dee15dee53c sslutil: add devel.disableloaddefaultcerts to disable CA loading Gregory Szorc <gregory.szorc@gmail.com> parents: 29268 diff changeset	48 we are able to load CA certs.
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	49
24289 07fafcd4bc74 test-https: enable dummycert test only if Apple python is used (issue4500) Yuya Nishihara <yuya@tcha.org> parents: 24138 diff changeset	50 #if defaultcacerts
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	51 $ hg clone https://localhost:$HGPORT/ copy-pull
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	52 abort: error: certificate verify failed (glob)
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	53 [255]
29288 7dee15dee53c sslutil: add devel.disableloaddefaultcerts to disable CA loading Gregory Szorc <gregory.szorc@gmail.com> parents: 29268 diff changeset	54 #endif
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	55
29334 ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	56 Specifying a per-host certificate file that doesn't exist will abort
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	57
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	58 $ hg --config hostsecurity.localhost:verifycertsfile=/does/not/exist clone https://localhost:$HGPORT/
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	59 abort: path specified by hostsecurity.localhost:verifycertsfile does not exist: /does/not/exist
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	60 [255]
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	61
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	62 A malformed per-host certificate file will raise an error
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	63
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	64 $ echo baddata > badca.pem
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	65 $ hg --config hostsecurity.localhost:verifycertsfile=badca.pem clone https://localhost:$HGPORT/
29356 93b83ef78d1e tests: increase test-https malform error glob Durham Goode <durham@fb.com> parents: 29334 diff changeset	66 abort: error: * (glob)
29334 ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	67 [255]
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	68
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	69 A per-host certificate mismatching the server will fail verification
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	70
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	71 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/client-cert.pem" clone https://localhost:$HGPORT/
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	72 abort: error: certificate verify failed (glob)
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	73 [255]
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	74
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	75 A per-host certificate matching the server's cert will be accepted
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	76
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	77 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" clone -U https://localhost:$HGPORT/ perhostgood1
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	78 requesting all changes
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	79 adding changesets
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	80 adding manifests
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	81 adding file changes
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	82 added 1 changesets with 4 changes to 4 files
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	83
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	84 A per-host certificate with multiple certs and one matching will be accepted
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	85
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	86 $ cat "$CERTSDIR/client-cert.pem" "$CERTSDIR/pub.pem" > perhost.pem
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	87 $ hg --config hostsecurity.localhost:verifycertsfile=perhost.pem clone -U https://localhost:$HGPORT/ perhostgood2
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	88 requesting all changes
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	89 adding changesets
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	90 adding manifests
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	91 adding file changes
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	92 added 1 changesets with 4 changes to 4 files
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	93
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	94 Defining both per-host certificate and a fingerprint will print a warning
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	95
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	96 $ hg --config hostsecurity.localhost:verifycertsfile="$CERTSDIR/pub.pem" --config hostsecurity.localhost:fingerprints=sha1:914f1aff87249c09b6859b88b1906d30756491ca clone -U https://localhost:$HGPORT/ caandfingerwarning
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	97 (hostsecurity.localhost:verifycertsfile ignored when host fingerprints defined; using host fingerprints for verification)
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	98 requesting all changes
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	99 adding changesets
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	100 adding manifests
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	101 adding file changes
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	102 added 1 changesets with 4 changes to 4 files
ecc9b788fd69 sslutil: per-host config option to define certificates Gregory Szorc <gregory.szorc@gmail.com> parents: 29331 diff changeset	103
29288 7dee15dee53c sslutil: add devel.disableloaddefaultcerts to disable CA loading Gregory Szorc <gregory.szorc@gmail.com> parents: 29268 diff changeset	104 $ DISABLECACERTS="--config devel.disableloaddefaultcerts=true"
22575 d7f7f1860f00 ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs Mads Kiilerich <madski@unity3d.com> parents: 22046 diff changeset	105
29411 e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	106 Inability to verify peer certificate will result in abort
2673 109a22f5434a hooks: add url to changegroup, incoming, prechangegroup, pretxnchangegroup hooks Vadim Gelfer <vadim.gelfer@gmail.com> parents: 2622 diff changeset	107
29288 7dee15dee53c sslutil: add devel.disableloaddefaultcerts to disable CA loading Gregory Szorc <gregory.szorc@gmail.com> parents: 29268 diff changeset	108 $ hg clone https://localhost:$HGPORT/ copy-pull $DISABLECACERTS
29411 e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	109 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	110 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server)
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	111 [255]
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	112
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	113 $ hg clone --insecure https://localhost:$HGPORT/ copy-pull
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	114 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	115 requesting all changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	116 adding changesets
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	117 adding manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	118 adding file changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	119 added 1 changesets with 4 changes to 4 files
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	120 updating to branch default
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	121 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	122 $ hg verify -R copy-pull
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	123 checking changesets
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	124 checking manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	125 crosschecking files in changesets and manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	126 checking files
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	127 4 files, 1 changesets, 4 total revisions
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	128 $ cd test
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	129 $ echo bar > bar
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	130 $ hg commit -A -d '1 0' -m 2
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	131 adding bar
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	132 $ cd ..
2673 109a22f5434a hooks: add url to changegroup, incoming, prechangegroup, pretxnchangegroup hooks Vadim Gelfer <vadim.gelfer@gmail.com> parents: 2622 diff changeset	133
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	134 pull without cacert
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	135
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	136 $ cd copy-pull
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	137 $ echo '[hooks]' >> .hg/hgrc
25478 d19787db6fe0 tests: simplify printenv calls Matt Mackall <mpm@selenic.com> parents: 25472 diff changeset	138 $ echo "changegroup = printenv.py changegroup" >> .hg/hgrc
29288 7dee15dee53c sslutil: add devel.disableloaddefaultcerts to disable CA loading Gregory Szorc <gregory.szorc@gmail.com> parents: 29268 diff changeset	139 $ hg pull $DISABLECACERTS
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	140 pulling from https://localhost:$HGPORT/
29411 e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	141 abort: unable to verify security of localhost (no loaded CA certificates); refusing to connect
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	142 (see https://mercurial-scm.org/wiki/SecureConnections for how to configure Mercurial to avoid this error or set hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 to trust this server)
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	143 [255]
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	144
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	145 $ hg pull --insecure
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	146 pulling from https://localhost:$HGPORT/
e1778b9c8d53 sslutil: abort when unable to verify peer connection (BC) Gregory Szorc <gregory.szorc@gmail.com> parents: 29356 diff changeset	147 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	148 searching for changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	149 adding changesets
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	150 adding manifests
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	151 adding file changes
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	152 added 1 changesets with 1 changes to 1 files
27739 d6d3cf5fda6f hooks: add HG_NODE_LAST to txnclose and changegroup hook environments Mateusz Kwapich <mitrandir@fb.com> parents: 25478 diff changeset	153 changegroup hook: HG_NODE=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_NODE_LAST=5fed3813f7f5e1824344fdc9cf8f63bb662c292d HG_SOURCE=pull HG_TXNID=TXN:* HG_URL=https://localhost:$HGPORT/ (glob)
12446 df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	154 (run 'hg update' to get a working copy)
df57227a72bf tests: unify test-http Matt Mackall <mpm@selenic.com> parents: 10414 diff changeset	155 $ cd ..
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	156
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	157 cacert configured in local repo
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	158
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	159 $ cp copy-pull/.hg/hgrc copy-pull/.hg/hgrc.bu
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	160 $ echo "[web]" >> copy-pull/.hg/hgrc
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	161 $ echo "cacerts=$CERTSDIR/pub.pem" >> copy-pull/.hg/hgrc
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	162 $ hg -R copy-pull pull --traceback
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	163 pulling from https://localhost:$HGPORT/
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	164 searching for changes
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	165 no changes found
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	166 $ mv copy-pull/.hg/hgrc.bu copy-pull/.hg/hgrc
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	167
13231 b335882c2f21 url: expand path for web.cacerts Eduard-Cristian Stefan <alexandrul.ct@gmail.com> parents: 13192 diff changeset	168 cacert configured globally, also testing expansion of environment
b335882c2f21 url: expand path for web.cacerts Eduard-Cristian Stefan <alexandrul.ct@gmail.com> parents: 13192 diff changeset	169 variables in the filename
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	170
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	171 $ echo "[web]" >> $HGRCPATH
13231 b335882c2f21 url: expand path for web.cacerts Eduard-Cristian Stefan <alexandrul.ct@gmail.com> parents: 13192 diff changeset	172 $ echo 'cacerts=$P/pub.pem' >> $HGRCPATH
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	173 $ P="$CERTSDIR" hg -R copy-pull pull
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	174 pulling from https://localhost:$HGPORT/
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	175 searching for changes
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	176 no changes found
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	177 $ P="$CERTSDIR" hg -R copy-pull pull --insecure
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	178 pulling from https://localhost:$HGPORT/
29289 3536673a25ae sslutil: move and change warning when cert verification is disabled Gregory Szorc <gregory.szorc@gmail.com> parents: 29288 diff changeset	179 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	180 searching for changes
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	181 no changes found
13192 4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	182
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	183 cacert mismatch
4d03707916d3 https: use web.cacerts configuration from local repo to validate remote repo Mads Kiilerich <mads@kiilerich.com> parents: 13163 diff changeset	184
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	185 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	186 > https://127.0.0.1:$HGPORT/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	187 pulling from https://127.0.0.1:$HGPORT/
15814 c3e958b50a22 sslutil: show fingerprint when cacerts validation fails Mads Kiilerich <mads@kiilerich.com> parents: 15650 diff changeset	188 abort: 127.0.0.1 certificate error: certificate is for localhost
29292 bc5f55493397 sslutil: make cert fingerprints messages more actionable Gregory Szorc <gregory.szorc@gmail.com> parents: 29290 diff changeset	189 (set hostsecurity.127.0.0.1:certfingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30 config setting or use --insecure to connect insecurely)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	190 [255]
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	191 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub.pem" \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	192 > https://127.0.0.1:$HGPORT/ --insecure
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	193 pulling from https://127.0.0.1:$HGPORT/
29289 3536673a25ae sslutil: move and change warning when cert verification is disabled Gregory Szorc <gregory.szorc@gmail.com> parents: 29288 diff changeset	194 warning: connection security to 127.0.0.1 is disabled per current settings; communication is susceptible to eavesdropping and tampering
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	195 searching for changes
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	196 no changes found
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	197 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem"
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	198 pulling from https://localhost:$HGPORT/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	199 abort: error: certificate verify failed (glob)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	200 [255]
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	201 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-other.pem" \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	202 > --insecure
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	203 pulling from https://localhost:$HGPORT/
29289 3536673a25ae sslutil: move and change warning when cert verification is disabled Gregory Szorc <gregory.szorc@gmail.com> parents: 29288 diff changeset	204 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
13328 a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	205 searching for changes
a939f08fae9c url: add --insecure option to bypass verification of ssl certificates Yuya Nishihara <yuya@tcha.org> parents: 13314 diff changeset	206 no changes found
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	207
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	208 Test server cert which isn't valid yet
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	209
28549 e01bd7385f4f tests: reorder hg serve commands Jun Wu <quark@fb.com> parents: 28525 diff changeset	210 $ hg serve -R test -p $HGPORT1 -d --pid-file=hg1.pid --certificate=server-not-yet.pem
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	211 $ cat hg1.pid >> $DAEMON_PIDS
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	212 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-not-yet.pem" \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	213 > https://localhost:$HGPORT1/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	214 pulling from https://localhost:$HGPORT1/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	215 abort: error: certificate verify failed (glob)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	216 [255]
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	217
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	218 Test server cert which no longer is valid
949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	219
28549 e01bd7385f4f tests: reorder hg serve commands Jun Wu <quark@fb.com> parents: 28525 diff changeset	220 $ hg serve -R test -p $HGPORT2 -d --pid-file=hg2.pid --certificate=server-expired.pem
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	221 $ cat hg2.pid >> $DAEMON_PIDS
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	222 $ hg -R copy-pull pull --config web.cacerts="$CERTSDIR/pub-expired.pem" \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	223 > https://localhost:$HGPORT2/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	224 pulling from https://localhost:$HGPORT2/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	225 abort: error: certificate verify failed (glob)
12741 949dfdb3ad2d test-https: test web.cacerts functionality Mads Kiilerich <mads@kiilerich.com> parents: 12740 diff changeset	226 [255]
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	227
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	228 Fingerprints
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	229
29267 f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	230 - works without cacerts (hostkeyfingerprints)
29263 817ee3cfe862 tests: don't save host fingerprints in hgrc Gregory Szorc <gregory.szorc@gmail.com> parents: 28847 diff changeset	231 $ hg -R copy-pull id https://localhost:$HGPORT/ --insecure --config hostfingerprints.localhost=91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	232 5fed3813f7f5
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	233
29267 f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	234 - works without cacerts (hostsecurity)
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	235 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha1:914f1aff87249c09b6859b88b1906d30756491ca
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	236 5fed3813f7f5
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	237
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	238 $ hg -R copy-pull id https://localhost:$HGPORT/ --config hostsecurity.localhost:fingerprints=sha256:62:09:97:2f:97:60:e3:65:8f:12:5d:78:9e:35:a1:36:7a:65:4b:0e:9f:ac:db:c3:bc:6e:b6:a3:c0:16:e0:30
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	239 5fed3813f7f5
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	240
28525 dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	241 - multiple fingerprints specified and first matches
28847 3e576fe66715 tests: use --insecure instead of web.cacerts=! Gregory Szorc <gregory.szorc@gmail.com> parents: 28549 diff changeset	242 $ hg --config 'hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca, deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
28525 dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	243 5fed3813f7f5
dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	244
29267 f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	245 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:914f1aff87249c09b6859b88b1906d30756491ca, sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	246 5fed3813f7f5
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	247
28525 dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	248 - multiple fingerprints specified and last matches
28847 3e576fe66715 tests: use --insecure instead of web.cacerts=! Gregory Szorc <gregory.szorc@gmail.com> parents: 28549 diff changeset	249 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, 914f1aff87249c09b6859b88b1906d30756491ca' -R copy-pull id https://localhost:$HGPORT/ --insecure
28525 dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	250 5fed3813f7f5
dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	251
29267 f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	252 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:914f1aff87249c09b6859b88b1906d30756491ca' -R copy-pull id https://localhost:$HGPORT/
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	253 5fed3813f7f5
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	254
28525 dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	255 - multiple fingerprints specified and none match
dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	256
28847 3e576fe66715 tests: use --insecure instead of web.cacerts=! Gregory Szorc <gregory.szorc@gmail.com> parents: 28549 diff changeset	257 $ hg --config 'hostfingerprints.localhost=deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/ --insecure
28525 dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	258 abort: certificate for localhost has unexpected fingerprint 91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	259 (check hostfingerprint configuration)
dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	260 [255]
dfb21c34e07d sslutil: allow multiple fingerprints per host Gregory Szorc <gregory.szorc@gmail.com> parents: 27739 diff changeset	261
29267 f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	262 $ hg --config 'hostsecurity.localhost:fingerprints=sha1:deadbeefdeadbeefdeadbeefdeadbeefdeadbeef, sha1:aeadbeefdeadbeefdeadbeefdeadbeefdeadbeef' -R copy-pull id https://localhost:$HGPORT/
29293 1b3a0b0c414f sslutil: print the fingerprint from the last hash used Gregory Szorc <gregory.szorc@gmail.com> parents: 29292 diff changeset	263 abort: certificate for localhost has unexpected fingerprint sha1:91:4f:1a:ff:87:24:9c:09:b6:85:9b:88:b1:90:6d:30:75:64:91:ca
29268 f200b58497f1 sslutil: reference appropriate config section in messaging Gregory Szorc <gregory.szorc@gmail.com> parents: 29267 diff changeset	264 (check hostsecurity configuration)
29267 f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	265 [255]
f0ccb6cde3e5 sslutil: allow fingerprints to be specified in [hostsecurity] Gregory Szorc <gregory.szorc@gmail.com> parents: 29263 diff changeset	266
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	267 - fails when cert doesn't match hostname (port is ignored)
29263 817ee3cfe862 tests: don't save host fingerprints in hgrc Gregory Szorc <gregory.szorc@gmail.com> parents: 28847 diff changeset	268 $ hg -R copy-pull id https://localhost:$HGPORT1/ --config hostfingerprints.localhost=914f1aff87249c09b6859b88b1906d30756491ca
15997 a45516cb8d9f sslutil: more helpful fingerprint mismatch message Matt Mackall <mpm@selenic.com> parents: 15814 diff changeset	269 abort: certificate for localhost has unexpected fingerprint 28:ff:71:bf:65:31:14:23:ad:62:92:b4:0e:31:99:18:fc:83:e3:9b
a45516cb8d9f sslutil: more helpful fingerprint mismatch message Matt Mackall <mpm@selenic.com> parents: 15814 diff changeset	270 (check hostfingerprint configuration)
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	271 [255]
8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	272
18588 3241fc65e3cd test-https.t: stop using kill `cat $pidfile` Augie Fackler <raf@durin42.com> parents: 18354 diff changeset	273
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	274 - ignores that certificate doesn't match hostname
29263 817ee3cfe862 tests: don't save host fingerprints in hgrc Gregory Szorc <gregory.szorc@gmail.com> parents: 28847 diff changeset	275 $ hg -R copy-pull id https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca
13314 8dc488dfcdb4 url: 'ssh known host'-like checking of fingerprints of HTTPS certificates Mads Kiilerich <mads@kiilerich.com> parents: 13231 diff changeset	276 5fed3813f7f5
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	277
18588 3241fc65e3cd test-https.t: stop using kill `cat $pidfile` Augie Fackler <raf@durin42.com> parents: 18354 diff changeset	278 HGPORT1 is reused below for tinyproxy tests. Kill that server.
25472 4d2b9b304ad0 tests: drop explicit $TESTDIR from executables Matt Mackall <mpm@selenic.com> parents: 25428 diff changeset	279 $ killdaemons.py hg1.pid
16300 74e114ac6ec1 tests: fix startup/shutdown races in test-https Matt Mackall <mpm@selenic.com> parents: 16107 diff changeset	280
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	281 Prepare for connecting through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	282
25472 4d2b9b304ad0 tests: drop explicit $TESTDIR from executables Matt Mackall <mpm@selenic.com> parents: 25428 diff changeset	283 $ tinyproxy.py $HGPORT1 localhost >proxy.log </dev/null 2>&1 &
16496 abbabbbe4ec2 tests: use 'do sleep 0' instead of 'do true', also on first line of command Mads Kiilerich <mads@kiilerich.com> parents: 16300 diff changeset	284 $ while [ ! -f proxy.pid ]; do sleep 0; done
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	285 $ cat proxy.pid >> $DAEMON_PIDS
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	286
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	287 $ echo "[http_proxy]" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	288 $ echo "always=True" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	289 $ echo "[hostfingerprints]" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	290 $ echo "localhost =" >> copy-pull/.hg/hgrc
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	291
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	292 Test unvalidated https through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	293
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	294 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull --insecure --traceback
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	295 pulling from https://localhost:$HGPORT/
29289 3536673a25ae sslutil: move and change warning when cert verification is disabled Gregory Szorc <gregory.szorc@gmail.com> parents: 29288 diff changeset	296 warning: connection security to localhost is disabled per current settings; communication is susceptible to eavesdropping and tampering
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	297 searching for changes
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	298 no changes found
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	299
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	300 Test https with cacert and fingerprint through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	301
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	302 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	303 > --config web.cacerts="$CERTSDIR/pub.pem"
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	304 pulling from https://localhost:$HGPORT/
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	305 searching for changes
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	306 no changes found
29263 817ee3cfe862 tests: don't save host fingerprints in hgrc Gregory Szorc <gregory.szorc@gmail.com> parents: 28847 diff changeset	307 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull https://127.0.0.1:$HGPORT/ --config hostfingerprints.127.0.0.1=914f1aff87249c09b6859b88b1906d30756491ca
13423 4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	308 pulling from https://127.0.0.1:$HGPORT/
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	309 searching for changes
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	310 no changes found
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	311
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	312 Test https with cert problems through proxy
4e60dad2261f tests: test https through http proxy Mads Kiilerich <mads@kiilerich.com> parents: 13401 diff changeset	313
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	314 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	315 > --config web.cacerts="$CERTSDIR/pub-other.pem"
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	316 pulling from https://localhost:$HGPORT/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	317 abort: error: certificate verify failed (glob)
13424 08f9c587141f url: merge BetterHTTPS with httpsconnection to get some proxy https validation Mads Kiilerich <mads@kiilerich.com> parents: 13423 diff changeset	318 [255]
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	319 $ http_proxy=http://localhost:$HGPORT1/ hg -R copy-pull pull \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	320 > --config web.cacerts="$CERTSDIR/pub-expired.pem" https://localhost:$HGPORT2/
24138 eabe44ec5af5 pull: print "pulling from foo" before accessing the other repo Thomas Arendsen Hein <thomas@intevation.de> parents: 23823 diff changeset	321 pulling from https://localhost:$HGPORT2/
23823 bd72e75f09e7 test-https: glob error messages more so we pass on Python 2.7.9 Augie Fackler <augie@google.com> parents: 23042 diff changeset	322 abort: error: certificate verify failed (glob)
13424 08f9c587141f url: merge BetterHTTPS with httpsconnection to get some proxy https validation Mads Kiilerich <mads@kiilerich.com> parents: 13423 diff changeset	323 [255]
25413 4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	324
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	325
25472 4d2b9b304ad0 tests: drop explicit $TESTDIR from executables Matt Mackall <mpm@selenic.com> parents: 25428 diff changeset	326 $ killdaemons.py hg0.pid
25413 4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	327
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	328 #if sslcontext
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	329
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	330 Start patched hgweb that requires client certificates:
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	331
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	332 $ cat << EOT > reqclientcert.py
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	333 > import ssl
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	334 > from mercurial.hgweb import server
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	335 > class _httprequesthandlersslclientcert(server._httprequesthandlerssl):
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	336 > @staticmethod
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	337 > def preparehttpserver(httpserver, ssl_cert):
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	338 > sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	339 > sslcontext.verify_mode = ssl.CERT_REQUIRED
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	340 > sslcontext.load_cert_chain(ssl_cert)
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	341 > # verify clients by server certificate
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	342 > sslcontext.load_verify_locations(ssl_cert)
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	343 > httpserver.socket = sslcontext.wrap_socket(httpserver.socket,
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	344 > server_side=True)
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	345 > server._httprequesthandlerssl = _httprequesthandlersslclientcert
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	346 > EOT
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	347 $ cd test
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	348 $ hg serve -p $HGPORT -d --pid-file=../hg0.pid --certificate=$PRIV \
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	349 > --config extensions.reqclientcert=../reqclientcert.py
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	350 $ cat ../hg0.pid >> $DAEMON_PIDS
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	351 $ cd ..
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	352
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	353 without client certificate:
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	354
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	355 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/
25413 4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	356 abort: error: handshake failure (glob)
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	357 [255]
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	358
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	359 with client certificate:
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	360
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	361 $ cat << EOT >> $HGRCPATH
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	362 > [auth]
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	363 > l.prefix = localhost
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	364 > l.cert = $CERTSDIR/client-cert.pem
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	365 > l.key = $CERTSDIR/client-key.pem
25413 4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	366 > EOT
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	367
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	368 $ P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	369 > --config auth.l.key="$CERTSDIR/client-key-decrypted.pem"
25413 4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	370 5fed3813f7f5
4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	371
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	372 $ printf '1234\n' \| env P="$CERTSDIR" hg id https://localhost:$HGPORT/ \
25415 21b536f01eda ssl: prompt passphrase of client key file via ui.getpass() (issue4648) Yuya Nishihara <yuya@tcha.org> parents: 25413 diff changeset	373 > --config ui.interactive=True --config ui.nontty=True
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	374 passphrase for */client-key.pem: 5fed3813f7f5 (glob)
25415 21b536f01eda ssl: prompt passphrase of client key file via ui.getpass() (issue4648) Yuya Nishihara <yuya@tcha.org> parents: 25413 diff changeset	375
29331 1e02d9576194 tests: extract SSL certificates from test-https.t Yuya Nishihara <yuya@tcha.org> parents: 29293 diff changeset	376 $ env P="$CERTSDIR" hg id https://localhost:$HGPORT/
25415 21b536f01eda ssl: prompt passphrase of client key file via ui.getpass() (issue4648) Yuya Nishihara <yuya@tcha.org> parents: 25413 diff changeset	377 abort: error: * (glob)
21b536f01eda ssl: prompt passphrase of client key file via ui.getpass() (issue4648) Yuya Nishihara <yuya@tcha.org> parents: 25413 diff changeset	378 [255]
21b536f01eda ssl: prompt passphrase of client key file via ui.getpass() (issue4648) Yuya Nishihara <yuya@tcha.org> parents: 25413 diff changeset	379
25413 4d705f6a3c35 test-https: test basic functions of client certificate authentication Yuya Nishihara <yuya@tcha.org> parents: 24740 diff changeset	380 #endif

Mercurial > hg

annotate tests/test-https.t @ 29439:c42a3fd5c1fc